Configuring Squid can be challenging at times but here is a simple and easy example of how to block sites. Let’s start!
Define the Problem
Let’s first go ahead and outline what we would like to accomplish. This Squid proxy will be located in a school where students’ Internet access must be filtered. Due to school policy, certain sites must be blocked to protect students and minimize distractions/disruptions. We’ll define two requirements:
- Faculty and teachers (10.1.0.0/20) are allowed to access all sites
- Students (10.1.16.0/20) are not allowed to access sites that are listed in our computer policy under “Non-Educational Use”
Let’s create a minimal config for Squid. Make /etc/squid/squid.conf look like this:
# Service Configuration http_port 10.1.1.10:3128 # ACLs ## Deny access to certain websites for students only acl student_workstations src 10.1.16.0/20 acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt" http_access deny blocked_sites student_workstations
As you can see in the configuration above, we’ve set the listening port and our first ACL. The ACL blocks access to a list of sites (listed in /etc/squid/blocked_sites.txt) for all users sourcing from a device in the 10.1.16.0/20 subnet (which is where the students are located). In our /etc/squid/blocked_sites.txt, we’ll add a site to test:
Go ahead and check your configuration and then restart the service:
squid -k reconfigure systemctl restart squid
Testing our Configuration
Now, from a student workstation, we’ll try to browse to two sites – one of which is blocked (Hulu) and one that should be allowed by default (World Factbook):
Looks like our config works!